CVE-2020-13674 - log back

CVE-2020-13674 edited at 21 Sep 2021 11:36:18
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site request forgery
Description
+ The Drupal QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.
+
+ Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
References
+ https://www.drupal.org/sa-core-2021-006
Notes
CVE-2020-13674 created at 21 Sep 2021 11:34:35